Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented."— Presentation transcript:

1 1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented by Gary Woo

2 2 CS 577 Outline Sensor Networks Design goals Design Analysis Implementation Evaluation Conclusion

3 3 CS 577 Sensor Networks “heterogeneous system combining tiny sensors and actuators with general-purpose computing elements” Nodes are low cost and low power Applications: –Habitat monitoring –Burglar alarms –Medical monitoring –Emergency response –Battlefield management

4 4 CS 577 Security –Message integrity (MAC) –Confidentiality (Encryption) –Replay protection (Counter/IV) Performance –Increase in processor/RAM demand is bad –Increase in message length is worse Ease of use Transparency Portability Design goals

5 5 CS 577 Design Modes –Authentication (TinySec-Auth) –Authenticated encryption (TinySec-AE) Encryption –Cipher Block Chaining –IV (8 bytes) formed by destination address, Active Message type, length, source, and 2 byte counter Message Integrity –MAC computed over entire message

6 6 CS 577 Cipher Block Chaining All nodes share secret key Provable secure when IV not repeated Pre-encrypt IV to avoid IV and Plain text incremented by 1 leakage Ciphertext stealing, min size = 8 bytes, otherwise same size as plaintext Plain text Initialization Vector Cipher text Encryption key Plain text Cipher text Encryption key

7 7 CS 577 Initialization Vector Counters provides 2 n + 1 packets before reuse Random provides 2 n/2 packets before reuse due to the birthday paradox (for any 23 people two will have matching birthdays greater than 50% of the time) Reuse destination address, active message type, and length New fields: source, 2 byte counter

8 8 CS 577 CBC MAC Ensures that bits changed in the message will be detected Reuse of CBC algorithm saves code space XORs the encryption of the message length with the first plaintext block (uses encrypted message length as IV)

9 9 CS 577 Packet format Early rejection (header not encrypted) Replaces 2 byte CRC and 1 byte group field with MAC TinySec-AE has Src (2 bytes) and Ctr (2 bytes) that TinySec-Auth doesn’t, which has 1 more byte than TinyOS

10 10 CS 577 Analysis MAC is 4 bytes, 1 in 2 32 chance of forging correctly 19.2kb/s channels allows only 40 attempts per second (2 31 attempts will take 20 months!) Denial of service, as link will be captured Avoids birthday paradox (uses counter) Each node can send 2 16 messages before reuse of IV CBC mode with IV reuse leaks longest shared prefix of the 2 messages (must be same src/dst pair, length, AM type) Should update keys before reuse

11 11 CS 577 Implementation Security –MAC and CBC for encryption Performance –Runs with 728 bytes of ram and 7146 bytes of program space Ease of use –Add “TINYSEC=true” when making code

12 12 CS 577 Implementation (cont.) Transparency –Runs at the Link Layer Portability –Distributed with TinyOS

13 13 CS 577 Implementation (cont.) TinySec implemented in 3000 lines of nesC Modified task scheduler (cryptographic operations higher priority than others) Uses top 2 bits of length selects TinySec mode –Max payload length is 29 bytes

14 14 CS 577 Evaluation Increased message length –Reduces bandwidth –Increase latency –Increases energy consumption Added cryptography –Increased computation time –Increased energy consumption

15 15 CS 577 Evaluation (Increased send time) Increased send time depends on TinySec mode About 1.6% increase for each byte

16 16 CS 577 Evaluation (Encryption computation time) Byte time must be small CBC operates on blocks of 8 bytes Rule of thumb: less than a few byte times

17 17 CS 577 Evaluation (Energy costs) Yellow shading shows extra energy costs of computing MAC and performing CBC Blue shading shows extra energy from increased message length TinyOS TinySec Auth TinySec AE

18 18 CS 577 Evaluation (Energy costs cont.) Increase for TinySec-Auth –1% from increased packet length –2% from extra computation Increase for TinySec-AE –6% from increased packet length –4% from extra computation

19 19 CS 577 Evaluation (Throughput) TinySec-Auth performs just as No TinySec TinySec-AE performs ~6% lower at >5 senders

20 20 CS 577 Evaluation (Latency) Increased message length –TinySec-Auth: 1 byte –TinySec-AE: 5 bytes

21 21 CS 577 Evaluation (Latency cont.) TinySec-Auth increase by 1.1 byte times TinySec-AE increase by 4.6 byte times

22 22 CS 577 Evaluation (Ease of use) No changes needed to higher layers (TinySec is at Link Layer) Need to modify makefile to enable TinySec Current work: –TinyPK (RSA to exchange keys) –TinyCrypt (elliptical curve cryptography) –SRI’s key exchange –SecureSense’s dynamic security service –Bosch burglar alarm

23 23 CS 577 Conclusion TinySec-Auth –Provides message integrity –Increases energy consumption by 3% TinySec-AE –Provides message integrity and confidentiality –Increases energy consumption by 10% Limited gains switching to hardware as increase message length is the cause

24 24 CS 577 References and Acknowledgements Author’s electronic version of paper (other figures and tables were taken from this document): –http://www.cs.berkeley.edu/~nks/papers/tinysec- sensys04.pdf

Download ppt "1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented."

Similar presentations

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.

TinySec: Security for TinyOS C. Karlof, N. Sastry, D. Wagner November 20, 2002.
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks C. Karlof, N. Sastry, D. Wagner SPINS: Security Protocol for Sensor Networks A.
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Seetha Manickam.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner SenSys 2004.
Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.

Modes of Operation CS 795. Electronic Code Book (ECB) Each block of the message is encrypted with the same secret key Problems: If two identical blocks.
1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.

1 TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry, David Wagner Presented by Paul Ruggieri.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Similar presentations

Ads by Google